Warren Buffet once said, “Only when the tide goes out do you discover who’s been swimming naked.” You can cover over a host of sins when times are good, but bad or unsafe practices will be exposed when times are rough.

Time and experience have borne out how accurate this witticism has been in the financial arena — and we’re now seeing how it can be true when it comes to the intersection of information security and COVID-19.

From an information security standpoint, current events have brought about a “new normal” in what we do and how we do it. The pandemic has impacted almost every aspect of security in some way — from security operations to security management to security planning and beyond.

Some organizations, particularly those that have embraced operational agility and resilient modes of service delivery, have found the transition relatively painless. Some even have derived unexpected competitive advantages. Others, like those that have rigid operational processes or rely on less resilient strategies, have found it less so.

Ultimately, when we finally reach a “post-COVID” state, there will be plenty of time to analyze what surely will be many lessons learned from the decisions we’re making today (and the legacy of the decisions that we made in the months and years leading up to today.)

However, it’s likely that many weeks or months will pass before we can get to that systematic and analytical retrospective. Yet even though the data will be slow in coming, we can draw out some trends — though still anecdotal — based on what we see in the world around us.

There are lessons we can learn to inform how we plan for the remainder of this crisis, and they may inform the questions we ask when the time for retrospective analysis does come.

The Threat Landscape

The first area for productive exploration involves changes to the threat landscape. Now, it bears saying that it’s early in the cycle, and there’s limited data about the direct impacts associated with the operational changes that we’ve made to accommodate “work from home” orders and increased “externalization” of technology services.

Because of this, it’s important that we be ready to adapt or gainsay what we observe anecdotally in light of hard data that is sure to be coming. Caveat aside, we have seen some concerning trends emerge that are observable (though perhaps not yet directly quantifiable) as it pertains to the threat landscape.

We’ve seen an
increase in attacks against the healthcare sector. These run the gamut from ransomware and phishing to more sophisticated attacks.

While this is obviously horrifying, given that these are the same institutions that are responsible for treating the onslaught of COVID patients, it is informative in that it gives us some insight into how attackers operate.

We’ve also seen an emergence of attacks against videoconferencing applications: for example, uninvited external participants in conferences (i.e., “Zoom crashing”) along with a steady stream of security vulnerabilities in popular videoconferencing platforms.

These facts tell us two things about attacker activity that might be tougher to see in normal times, providing a different frame of reference to observe how attackers have pivoted in response to new business conditions.

First, attackers continue to use contextual events as fodder for attack campaigns. This is perhaps not that surprising in itself, but it is valuable when combined with the observation that they are tending to concentrate attacks against exactly those industries that have their hands full already in the midst of the crisis. Attackers go after the vulnerable — and they leverage context to do so.

Second, many long have held that the size of the target increases the prevalence of attacks. For example, when a large population of users employ a given tool, the size of the target increases. Again, this might be something that seems obvious at first blush, but watching it happen — for example watching attacks against videoconferencing applications go from “all but unheard of” to “commonplace” in proportion to increased usage — is noteworthy.

Noticing these patterns isn’t exactly rocket science because they’ve long been expected, but watching the pivot happen in front of our eyes makes it that much more clear.

BYOD and Cloud

It is interesting to observe how organizations have adapted to BYOD and externalization (e.g. cloud). Even organizations that historically have been reluctant to embrace cloud services and allow use of employee-owned devices for business purposes in many cases have had to allow some lessening of restrictions in order to maintain worker productivity. Some have said that the changes translate to the final death knell for the traditional network perimeter.

It is unlikely we will we see a complete elimination of the perimeter as a result of the adaptations we’ve made in response to current conditions. However, the pandemic could lead to a faster erosion of it. Some organizations on the other side of COVID (whatever that might look like) might find it difficult to re-introduce restrictions on BYOD after users have acquired the habit and developed a taste for using their own phones, laptops,and Internet access to support their work.

Likewise, organizations that historically have been loath to migrate critical services or applications to the cloud — and are doing so now out of necessity — may find that inertia works in favor of leaving those services external rather than bringing them back inside the traditional perimeter.

The reason it pays to think through these things is that now can be a good time to gather information. If you’ve been worried about the economic or customer impacts of cloud and you’ve made an emergency short-term transition now, collect what information you can about the economic performance.

In situations where workers previously were not able to use their own devices but can do so now, for the short term, collect whatever information you can about their usage. Take advantage of the opportunity to learn something that potentially can help you decide what kind of organization you want to be on the other side of this terrible situation.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.


Ed Moyle, partner at
SecurityCurve, has been an ECT News Network columnist since 2007. His extensive background in computer security includes experience in forensics, application penetration testing, information security audit and secure solutions development. Ed is co-author of Cryptographic Libraries for Developers and a frequent contributor to the information security industry as author, public speaker and analyst.



Source link

111 COMMENTS

  1. Hi there, simply become aware of your weblog through Google, and located that it’s truly informative. I am going to be careful for brussels. I’ll be grateful in the event you proceed this in future. Many other folks will be benefited from your writing. Cheers!|

  2. When I initially commented I clicked the “Notify me when new comments are added” checkbox and now each time a comment is added I get four emails with the same comment. Is there any way you can remove people from that service? Thanks!|

  3. Write more, thats all I have to say. Literally, it seems as though you relied on the video to make your point. You definitely know what youre talking about, why throw away your intelligence on just posting videos to your weblog when you could be giving us something informative to read?|

  4. I’m curious to find out what blog platform you are utilizing? I’m having some small security issues with my latest site and I would like to find something more safe. Do you have any suggestions?|

  5. Hi there! I could have sworn I’ve been to this website before but after checking through some of the post I realized it’s new to me. Nonetheless, I’m definitely delighted I found it and I’ll be bookmarking and checking back often!|

  6. Amazing issues here. I’m very satisfied to peer your article. Thanks a lot and I am taking a look forward to contact you. Will you kindly drop me a mail?|

  7. My developer is trying to convince me to move to .net from PHP. I have always disliked the idea because of the costs. But he’s tryiong none the less. I’ve been using WordPress on several websites for about a year and am nervous about switching to another platform. I have heard great things about blogengine.net. Is there a way I can import all my wordpress posts into it? Any help would be greatly appreciated!|

  8. It’s actually a great and useful piece of information. I’m happy that you shared this helpful information with us. Please stay us informed like this. Thanks for sharing.|

  9. great put up, very informative. I’m wondering why the opposite specialists of this sector do not notice this. You must continue your writing. I’m confident, you’ve a huge readers’ base already!|

  10. It’s a shame you don’t have a donate button! I’d most certainly donate to this superb blog! I suppose for now i’ll settle for bookmarking and adding your RSS feed to my Google account. I look forward to new updates and will share this site with my Facebook group. Talk soon!|

  11. Hello, i think that i saw you visited my website thus i came to “return the favor”.I am trying to find things to improve my site!I suppose its ok to use some of your ideas!!|

  12. Howdy would you mind stating which blog platform you’re using? I’m going to start my own blog in the near future but I’m having a difficult time making a decision between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your layout seems different then most blogs and I’m looking for something completely unique. P.S My apologies for getting off-topic but I had to ask!|

  13. I was curious if you ever thought of changing the page layout of your blog? Its very well written; I love what youve got to say. But maybe you could a little more in the way of content so people could connect with it better. Youve got an awful lot of text for only having 1 or 2 pictures. Maybe you could space it out better?|

  14. Hi there! This article could not be written much better! Going through this article reminds me of my previous roommate! He continually kept talking about this. I’ll forward this post to him. Pretty sure he’ll have a good read. Thank you for sharing!|

  15. Hello! I could have sworn I’ve been to this blog before but after browsing through some of the post I realized it’s new to me. Anyways, I’m definitely happy I found it and I’ll be book-marking and checking back frequently!

  16. Howdy! I know this is somewhat off topic but I was wondering if you knew where I could get a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having problems finding one? Thanks a lot!|

  17. You’re so interesting! I don’t think I’ve truly read through anything like this before. So nice to find someone with genuine thoughts on this subject. Really.. many thanks for starting this up. This web site is one thing that is required on the internet, someone with some originality!|

  18. Hmm it looks like your site ate my first comment (it was super long) so I guess I’ll just sum it up what I had written and say, I’m thoroughly enjoying your blog. I too am an aspiring blog writer but I’m still new to the whole thing. Do you have any helpful hints for novice blog writers? I’d genuinely appreciate it.|

  19. Does your blog have a contact page? I’m having problems locating it but, I’d like to shoot you an email. I’ve got some ideas for your blog you might be interested in hearing. Either way, great blog and I look forward to seeing it grow over time.|

  20. Hello very nice blog!! Man .. Beautiful .. Wonderful .. I will bookmark your web site and take the feeds also? I am satisfied to find numerous useful information right here in the post, we need work out extra techniques in this regard, thanks for sharing. . . . . .|

  21. With havin so much written content do you ever run into any problems of plagorism or copyright violation? My site has a lot of completely unique content I’ve either created myself or outsourced but it seems a lot of it is popping it up all over the internet without my authorization. Do you know any solutions to help reduce content from being stolen? I’d definitely appreciate it.|

  22. Hi there this is kind of of off topic but
    I was wondering if blogs use WYSIWYG editors or
    if you have to manually code with HTML. I’m
    starting a blog soon but have no coding expertise so I wanted to get guidance from someone with experience.
    Any help would be enormously appreciated!

  23. Hi there! This is my first visit to your blog! We are a group of volunteers and starting a new initiative in a community in the same niche. Your blog provided us beneficial information to work on. You have done a extraordinary job!|

  24. Aw, this was a really nice post. In thought I wish to put in writing like this moreover – taking time and precise effort to make a very good article… however what can I say… I procrastinate alot and in no way appear to get one thing done.

  25. The writer’s title is Loreta Quarterman even although she doesn’t genuinely like getting named like that. Her husband and her selected to reside in New Jersey but her spouse would like them to move. My working working day occupation is an office clerk and it’s some factor I actually get enjoyment from. My wife doesn’t like it the way I do but what I seriously like performing is to base soar but I don’t have the time currently.

  26. Excellent web site. A lot of helpful information here. I am sending it to a few buddies ans additionally sharing in delicious. And naturally, thanks on your effort!|

  27. I got this web page from my buddy who told me regarding this web site and at the moment this time I am visiting this web site and reading very informative content at this place.|

  28. Hmm is anyone else having problems with the pictures on this blog loading? I’m trying to figure out if its a problem on my end or if it’s the blog. Any feed-back would be greatly appreciated.|

  29. Thanks for some other informative blog. The place else could I am getting that type of info written in such a perfect means? I have a challenge that I’m simply now operating on, and I’ve been at the glance out for such information.|

  30. What i don’t realize is in fact how you are no longer really a lot more well-appreciated than you may be right now. You are very intelligent. You already know therefore considerably when it comes to this subject, produced me individually imagine it from so many varied angles. Its like women and men aren’t involved until it is one thing to do with Woman gaga! Your personal stuffs nice. At all times maintain it up!|

  31. Wow, fantastic blog layout! How long have you been blogging for? you make blogging look easy. The overall look of your web site is excellent, as well as the content!|

  32. Hi, i think that i saw you visited my blog thus i came to “return the favor”.I am trying to find things to enhance my website!I suppose its ok to use a few of your ideas!!|

  33. We’re a bunch of volunteers and opening a new scheme in our community. Your web site offered us with helpful info to paintings on. You have performed a formidable task and our whole group shall be grateful to you.

  34. The name of the writer is Jere and he totally digs that name. My occupation is an office clerk. My wife doesn’t like it the way I do but what I truly like carrying out is to base soar but I don’t have the time recently. California is wherever my home is and I don’t system on shifting it.

  35. Great – I should definitely pronounce, impressed with your web site. I had no trouble navigating through all tabs and related info ended up being truly easy to do to access. I recently found what I hoped for before you know it in the least. Reasonably unusual. Is likely to appreciate it for those who add forums or something, web site theme . a tones way for your customer to communicate. Nice task.

  36. Someone essentially lend a hand to make significantly posts I’d state. That is the very first time I frequented your website page and thus far? I surprised with the analysis you made to make this particular post incredible. Magnificent activity!

  37. Leading Online Pharmacy – Contact us at +1 (917) 259-3352 for unbelievable rates, discount and offers on any medicine. Get it delivered free of cost at your door steps, call us today. Phone : +1 (917) 259-3352

LEAVE A REPLY

Please enter your comment!
Please enter your name here